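# Login and logout endpoints.
#
# Session state written here: session[:user_id] and session[:id], both set to
# the authenticated user's id. Other controllers presumably read one or both,
# so both keys are kept.
class SessionsController < ApplicationController
  # The authorize filter is defined outside this file; it presumably requires a
  # logged-in user, so it has to be skipped for the login form and its
  # submission. Note that this skips it for every action in this controller.
  skip_before_filter :authorize # VERY IMPORTANT

  # Renders the login form.
  def new
  end

  # Checks the submitted credentials and, on success, starts a fresh session
  # and sends the user to the landing page for their access level.
  #
  # Reads params[:username] and params[:password]. User.authenticate is called
  # once and is expected to return a user on success and a falsy value otherwise.
  def create
    user = User.authenticate(params[:username], params[:password])
    unless user
      redirect_to login_url, :alert => "Invalid user/password combination"
      return
    end

    destination = landing_url_for(user)
    unless destination
      # An unmapped level previously fell through with no redirect while the
      # session was already populated. Refuse the login instead of leaving an
      # authenticated session with no defined role.
      redirect_to login_url, :alert => "Account has no recognised access level"
      return
    end

    # Discard the pre-login session so that a session identifier known before
    # authentication cannot be carried into the authenticated session
    # (session fixation).
    reset_session
    session[:user_id] = user.id
    session[:id] = user.id
    redirect_to destination
  end

  # Logs the user out. The whole session is dropped so that session[:id] does
  # not outlive session[:user_id]; the notice is set afterwards, on the new
  # session.
  def destroy
    reset_session
    redirect_to login_url, :notice => "Logged out"
  end

  private

  # Maps user.level to the page the user lands on after login.
  # Returns nil for a level with no landing page.
  def landing_url_for(user)
    case user.level
    when 1 then users_url # admin page
    when 2 then librarian_index_url
    when 3 then students_index_url
    end
  end
end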
